Rex

Rex, a trojan initially discovered in May 2016, targets the Linux operating system and is able to self-replicate through infected websites and uses infected machines to create a peer-to-peer botnet. This trojan was originally described as Drupal ransomware and can attack web servers that use content management systems (CMS), perform DDoS attacks, send spam, and distribute itself over networks. Additionally, Rex can hack websites built using Drupal by exploiting an SQL injection vulnerability. Rex searches for network hardware that runs AirOS to exploit known vulnerabilities in order to gain access to user lists, private SSH keys, and login credentials stored on remote servers. Cybercriminals can also use Rex to mine for cryptocurrency on infected hosts. Attackers behind this trojan have sent messages to victims claiming to be the Armada Collective gang and threatened DDoS attacks unless a ransom was paid.

Reference in this site to any specific commercial product, process, or service, or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favoring by the NJCCIC and the State of New Jersey.